Systems and methods for transferring or delivering digital information to various end user devices or products may often include authenticating the user or corresponding device and then encrypting the digital information for delivery. One type of authentication and encryption technique is based on public key cryptography, which involves a public key and a corresponding private key. The public key may be widely published or distributed across a communications network, while the corresponding private key is held in secret by the authorized end user or device. In public key cryptography, the private key is used by its owner to generate a signature over a message that can be verified with the corresponding public key. Additionally, the private key may be used to decrypt a message that was encrypted by a third party using the matching public key. In either case, the correspondence between the private and public keys allows the private key owner to authenticate data being sent or uniquely receive data that is inaccessible to anyone else.
In systems that use public key cryptography, one concern is determining whether a public key is authentic, i.e., verifying that a received public key corresponds to the private key of the purported user or device and has not been replaced or otherwise compromised. One way of addressing this concern is through the use of a public key infrastructure (PKI). This generally involves a certificate authority (CA) that certifies a user/device's public key and its identity. During the certification process, the CA usually generates the certificate that binds the user/device's public key with its identity and also manages the certificate's lifecycle from generation to expiration and/or revocation.
Although the keys referenced by the certificate could be generated by the user/device, for efficiency and logistical reasons, the keys and certificate are often generated ahead of time and loaded onto the device at a product personalization facility. The keys and one or more certificates are collectively referred to as PKI data. This PKI data later will be used by various security applications running in the device to protect the access to data/content, networks, and services. Much of this PKI data is generated at a key generation facility, which is also operated as a certification authority (CA) for a specific product. The key generation facility is usually a trusted facility that is separate from the product personalization facility.
In many cases, the product personalization facility may not be a secure or trusted environment. PKI data distributed to the product personalization facility for loading onto products can be compromised in a manner that will allow later unauthorized access to products manufactured at the product personalization facility. In one scenario, a private key along with its public key certificate is stolen and then copied on to other unauthorized and illegitimate computers and or devices, thus creating clones that all pretend to have a legitimate identity to access the network, services or restricted content.
In factories and service facilities where consumer devices are personalized or serviced there is a need for a secure system and method for ensuring that sensitive data is securely generated, delivered, and consumed.
Throughout the drawings, identical reference numbers designate similar, but not necessarily identical, elements.